If you use Microsoft Outlook to read your email, there's bad news. A security bug in the program can allow an attacker to send you a malicious email using rich text format (RTF). If you so much as preview this message – without actually opening it – your PC can be taken over!

By setting up the message in a certain way, the attacker can use the Outlook bug to get hold of your Windows username and password.

While the password is scrambled – using a process called hashing – a determined attacker could probably break it.

The problem is all down to the way that Outlook loads remote content from a server, but it appears to be tricky for Microsoft to tackle. It was first reported in October 2016! Microsoft's previous patch failed to fully solve it, but hopefully this new one will.

If you have Outlook installed on your computer (it comes as part of Microsoft Office), you should make sure that the fix is installed, even if you use a different email reader.

That isn't the only long-standing security problem that Microsoft have recently had to issue new fixes for. Windows has had security problems caused by fonts for a while.

These little files do nothing more than tell Windows how to display various typefaces on screen. But bugs in how they are handled mean that fonts can also be used to spread viruses and worms.

This month Microsoft have fixed five different problems that would allow an attacker to use malicious fonts on a web page to execute code on your PC.

Simply viewing the page is enough to activate the bugs. This kind of attack is similar to the Duqu virus of 2011, which also used malicious fonts to attack PCs. You'd have thought Microsoft would have got on top of the problem by now, but apparently not.

If you have Windows 10, or automatic updates activated on Windows 8.1 or 7, these fixes should be installed automatically. If not, install them manually from the Windows Update Control Panel.